Hi,
I am monitoring zip files from folders with below inputs.conf:
What does the number of files denote shown in the screenshot?
Does that mean the number of files indexed or the number of files only monitored since I am giving ignoreOlderThan
in inputs.conf?
[monitor://\\abcstoragen\PQRS\XYZ\(AbcdLogs|ABLogs)*\...\*.zip]
disabled = 0
index = abc
sourcetype = pqr
ignoreOlderThan = 3d
crcSalt = <SOURCE>
A number of files shows high count but yet no file is indexed and it is increasing since recently I created a new input.
Thanks!
I would open a support case and also ask them to update the docs on this because it does different things for different types of inputs. For example, the Splunk_TA_nix has an input for /var/log/secure
and this screen shows a value of 144
even though it only contains the exact file and 4 rotated files. This makes no sense.